Lucene search
+L

52 matches found

OSV
OSV
added 2017/04/10 2:59 p.m.3 views

UBUNTU-CVE-2017-7617

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chansip, the CDR dialplan function, and the AMI Monitor action...

8.8CVSS7.9AI score0.06243EPSS
Exploits0References5
NVD
NVD
added 2014/11/24 3:59 p.m.19 views

CVE-2014-8418

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...

9CVSS6.3AI score0.03575EPSS
Exploits0References1
OSV
OSV
added 2014/11/24 3:59 p.m.1 views

DEBIAN-CVE-2014-8418

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...

9CVSS6.8AI score0.03575EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/11/24 3:59 p.m.42 views

CVE-2014-8418

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...

9CVSS5.9AI score0.03575EPSS
Exploits0References2
Prion
Prion
added 2014/11/24 3:59 p.m.21 views

Design/Logic Flaw

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...

9CVSS6.8AI score0.03575EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2014/11/24 3:0 p.m.32 views

CVE-2014-8417

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...

7.1AI score0.02357EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/11/24 3:0 p.m.34 views

CVE-2014-8418

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...

6.2AI score0.03575EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2014/11/24 3:0 p.m.49 views

CVE-2014-8418

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...

9CVSS6.3AI score0.03575EPSS
Exploits0
securityvulns
securityvulns
added 2014/11/24 12:0 a.m.72 views

AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions

Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On November 4, 2014 Report...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/11/24 12:0 a.m.37 views

FreeBSD : asterisk -- Multiple vulnerabilities (a92ed304-716c-11e4-b008-001999f8d30b)

The Asterisk project reports : AST-2014-012 - Mixed IP address families in access control lists may permit unwanted traffic. AST-2014-018 - AMI permission escalation through DB dialplan function. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

9CVSS5.3AI score0.03575EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/11/24 12:0 a.m.55 views

Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)

Multiple vulnerabilities has been discovered and corrected in asterisk : Remote crash when handling out of call message in certain dialplan configurations CVE-2014-6610. Asterisk Susceptibility to POODLE Vulnerability CVE-2014-3566. Mixed IP address families in access control lists may permit...

4.3CVSS6.3AI score0.99999EPSS
Exploits7References8
FreeBSD
FreeBSD
added 2014/11/21 12:0 a.m.40 views

asterisk -- Multiple vulnerabilities

The Asterisk project reports: AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions...

6.5CVSS6.7AI score0.02357EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/09/25 12:0 a.m.39 views

Asterisk ReceiveFax Dialplan Application Remote DoS (AST-2014-010)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability in the ReceiveFax Dialplan application. This is due to a flaw in the 'resfaxspandsp' module, which is caused by the improper handling of...

4CVSS5.5AI score0.01518EPSS
Exploits0References5
securityvulns
securityvulns
added 2014/09/21 12:0 a.m.43 views

AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations

Asterisk Project Security Advisory - AST-2014-010 Product Asterisk Summary Remote crash when handling out of call message in certain dialplan configurations Nature of Advisory Remotely triggered crash of Asterisk Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Report...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/09/19 12:0 a.m.12 views

FreeBSD : asterisk -- Remotely triggered crash (e60d9e65-3f6b-11e4-ad16-001999f8d30b)

The Asterisk project reports : When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the resfaxspandsp module...

5.5AI score
Exploits0References4
FreeBSD
FreeBSD
added 2014/09/05 12:0 a.m.18 views

asterisk -- Remotely triggered crash

The Asterisk project reports: When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the resfaxspandsp module...

0.7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/01/08 12:0 a.m.28 views

Debian DSA-2835-1 : asterisk - buffer overflow

Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk. An additional change was backported, which is fully described in http://downloads.asterisk.org/pub/security/AST-2013-007.html With the fix for AST-2013-007, a new configuration option was added in order to allow...

5CVSS5.9AI score0.14715EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2014/01/05 12:0 a.m.36 views

Debian Security Advisory DSA 2835-1 (asterisk - buffer overflow)

Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk. An additional change was backported, which is fully described in http://downloads.asterisk.org/pub/security/AST-2013-007.htmlWith the fix for AST-2013-007, a new configuration option was added in order to allow...

5CVSS0.1AI score0.14715EPSS
Exploits1References1
OSV
OSV
added 2014/01/05 12:0 a.m.13 views

DSA-2835-1 asterisk - buffer overflow

Bulletin has no description...

5CVSS6.3AI score0.14715EPSS
Exploits1
securityvulns
securityvulns
added 2013/12/24 12:0 a.m.38 views

AST-2013-007: Asterisk Manager User Dialplan Permission Escalation

Asterisk Project Security Advisory - AST-2013-007 Product Asterisk Summary Asterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known None Reported On November 25, 2013 Reported By Matt...

1.6AI score
Exploits0
Rows per page
Query Builder